VMware ESX 3.5, Patch ESX350-201002401-SG: Updates Net-SNMP (1017660)
Release Date: February 16, 2010
Summaries and Symptoms
This patch updates the service console packages net-snmp, net-snmp-utils, and net-snmp-libs to version net-snmp-5.0.9-2.30E.28. The update fixes a divide-by-zero flaw in the snmpd daemon: a remote attacker could issue a specially crafted GETBULK request that causes the snmpd daemon to fail. This vulnerability was introduced by an incorrect fix for CVE-2008-4309.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1887 to this issue.
Note: After installing the patch ESX350-200901409-SG, running the snmpbulkwalk command with the parameter -CnX results in no output, and the snmpd daemon stops. This patch fixes the issue.
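The following check is an added example, not part of the original VMware article: it reads `rpm -q` output and reports whether the three packages named above are at the build this patch delivers. It assumes rpm's default name-version-release output; the function name and sample lines are constructed for illustration, and only an exact match counts as ok, so any other build is flagged for manual comparison.

```shell
#!/bin/sh
# Added example: compare service console net-snmp packages against the
# build named in this advisory. Input is `rpm -q` output in the default
# name-version-release form (assumed).

FIXED="5.0.9-2.30E.28"                       # build stated in the advisory
PKGS="net-snmp net-snmp-utils net-snmp-libs" # packages the patch updates

# Reads `rpm -q` output on stdin and prints one status line per package.
# Returns 1 if any installed package is not at the advisory build.
check_netsnmp() {
    input=$(cat)
    rc=0
    for pkg in $PKGS; do
        # "-[0-9]" keeps net-snmp from matching net-snmp-utils / net-snmp-libs.
        line=$(printf '%s\n' "$input" | grep -E "^${pkg}-[0-9]" | head -n 1)
        if [ -z "$line" ]; then
            echo "$pkg: absent"
            continue
        fi
        ver=${line#"$pkg"-}   # strip "name-" to leave version-release
        if [ "$ver" = "$FIXED" ]; then
            echo "$pkg: ok"
        else
            echo "$pkg: mismatch (installed $ver)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: one package at a different (made-up) build,
# one package not installed, one at the advisory build.
SAMPLE="net-snmp-5.0.9-2.30E.27
package net-snmp-utils is not installed
net-snmp-libs-5.0.9-2.30E.28"

printf '%s\n' "$SAMPLE" | check_netsnmp || echo "net-snmp needs attention"
```

On a live service console, pipe `rpm -q net-snmp net-snmp-utils net-snmp-libs` into `check_netsnmp` instead of the sample.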
Patch Download and Installation